If you want to keep the server more secure by leaving those ports closed, you can always whitelist just the remote servers IP in CSF so this way only that specific server will be able to access the necessary ports.